

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>Cephadm Operations &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/css/custom.css" type="text/css" />

  
  
    <link rel="shortcut icon" href="../../_static/favicon.ico"/>
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/jquery.js"></script>
        <script src="../../_static/underscore.js"></script>
        <script src="../../_static/doctools.js"></script>
    
    <script type="text/javascript" src="../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../genindex/" />
    <link rel="search" title="Search" href="../../search/" />
    <link rel="next" title="Basic Ceph Client Setup" href="../client-setup/" />
    <link rel="prev" title="Upgrading Ceph" href="../upgrade/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    

















  </header>
  <div class="wy-grid-for-nav">
    

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>

  
  <div class="section" id="cephadm-operations">
<h1>Cephadm Operations<a class="headerlink" href="#cephadm-operations" title="Permalink to this headline">¶</a></h1>
<div class="section" id="watching-cephadm-log-messages">
<span id="watching-cephadm-logs"></span><h2>Watching cephadm log messages<a class="headerlink" href="#watching-cephadm-log-messages" title="Permalink to this headline">¶</a></h2>
<p>Cephadm writes logs to the <code class="docutils literal notranslate"><span class="pre">cephadm</span></code> cluster log channel. You can
monitor Ceph’s activity in real time by reading the logs as they fill
up. Run the following command to see the logs in real time:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><style type="text/css">
span.prompt1:before {
  content: "# ";
}
</style><span class="prompt1">ceph -W cephadm</span>
</pre></div></div><p>By default, this command shows info-level events and above.  To see
debug-level messages as well as info-level events, run the following
commands:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> mgr mgr/cephadm/log_to_cluster_level debug</span>
<span class="prompt1">ceph -W cephadm --watch-debug</span>
</pre></div></div><div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>The debug messages are very verbose!</p>
</div>
<p>You can see recent events by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph log last cephadm</span>
</pre></div></div><p>These events are also logged to the <code class="docutils literal notranslate"><span class="pre">ceph.cephadm.log</span></code> file on
monitor hosts as well as to the monitor daemons’ stderr.</p>
</div>
<div class="section" id="ceph-daemon-logs">
<span id="cephadm-logs"></span><h2>Ceph daemon logs<a class="headerlink" href="#ceph-daemon-logs" title="Permalink to this headline">¶</a></h2>
<div class="section" id="logging-to-journald">
<h3>Logging to journald<a class="headerlink" href="#logging-to-journald" title="Permalink to this headline">¶</a></h3>
<p>Ceph daemons traditionally wrote logs to <code class="docutils literal notranslate"><span class="pre">/var/log/ceph</span></code>. Under cephadm, Ceph daemons log to
journald by default, and the logs are captured by the container runtime
environment. They are accessible via <code class="docutils literal notranslate"><span class="pre">journalctl</span></code>.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Prior to Quincy, Ceph daemons logged to stderr.</p>
</div>
<div class="section" id="example-of-logging-to-journald">
<h4>Example of logging to journald<a class="headerlink" href="#example-of-logging-to-journald" title="Permalink to this headline">¶</a></h4>
<p>For example, to view the logs for the daemon <code class="docutils literal notranslate"><span class="pre">mon.foo</span></code> for a cluster
with ID <code class="docutils literal notranslate"><span class="pre">5c5a50ae-272a-455d-99e9-32c6a013e694</span></code>, the command would be
something like:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">journalctl -u ceph-5c5a50ae-272a-455d-99e9-32c6a013e694@mon.foo</span>
</pre></div></div><p>This works well for normal operations when logging levels are low.</p>
</div>
</div>
<div class="section" id="logging-to-files">
<h3>Logging to files<a class="headerlink" href="#logging-to-files" title="Permalink to this headline">¶</a></h3>
<p>You can also configure Ceph daemons to log to files instead of to
journald if you prefer logs to appear in files (as they did in earlier,
pre-cephadm, pre-Octopus versions of Ceph).  When Ceph logs to files,
the logs appear in <code class="docutils literal notranslate"><span class="pre">/var/log/ceph/&lt;cluster-fsid&gt;</span></code>. If you choose to
configure Ceph to log to files instead of to journald, remember to
configure Ceph so that it will not log to journald (the commands for
this are covered below).</p>
<div class="section" id="enabling-logging-to-files">
<h4>Enabling logging to files<a class="headerlink" href="#enabling-logging-to-files" title="Permalink to this headline">¶</a></h4>
<p>To enable logging to files, run the following commands:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> global log_to_file <span class="nb">true</span></span>
<span class="prompt1">ceph config <span class="nb">set</span> global mon_cluster_log_to_file <span class="nb">true</span></span>
</pre></div></div></div>
<div class="section" id="disabling-logging-to-journald">
<h4>Disabling logging to journald<a class="headerlink" href="#disabling-logging-to-journald" title="Permalink to this headline">¶</a></h4>
<p>If you choose to log to files, we recommend disabling logging to journald or else
everything will be logged twice. Run the following commands to disable logging
to stderr and to journald:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> global log_to_stderr <span class="nb">false</span></span>
<span class="prompt1">ceph config <span class="nb">set</span> global mon_cluster_log_to_stderr <span class="nb">false</span></span>
<span class="prompt1">ceph config <span class="nb">set</span> global log_to_journald <span class="nb">false</span></span>
<span class="prompt1">ceph config <span class="nb">set</span> global mon_cluster_log_to_journald <span class="nb">false</span></span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p>You can change the default by passing <code class="docutils literal notranslate"><span class="pre">--log-to-file</span></code> when
bootstrapping a new cluster.</p>
</div>
</div>
<div class="section" id="modifying-the-log-retention-schedule">
<h4>Modifying the log retention schedule<a class="headerlink" href="#modifying-the-log-retention-schedule" title="Permalink to this headline">¶</a></h4>
<p>By default, cephadm sets up log rotation on each host to rotate these
files.  You can configure the logging retention schedule by modifying
<code class="docutils literal notranslate"><span class="pre">/etc/logrotate.d/ceph.&lt;cluster-fsid&gt;</span></code>.</p>
</div>
</div>
</div>
<div class="section" id="data-location">
<h2>Data location<a class="headerlink" href="#data-location" title="Permalink to this headline">¶</a></h2>
<p>Cephadm stores daemon data and logs in different locations than did
older, pre-cephadm (pre-Octopus) versions of Ceph:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">/var/log/ceph/&lt;cluster-fsid&gt;</span></code> contains all cluster logs. By
default, cephadm logs via stderr and the container runtime. These
logs will not exist unless you have enabled logging to files as
described in <a class="reference internal" href="#cephadm-logs">Ceph daemon logs</a>.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">/var/lib/ceph/&lt;cluster-fsid&gt;</span></code> contains all cluster daemon data
(besides logs).</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">/var/lib/ceph/&lt;cluster-fsid&gt;/&lt;daemon-name&gt;</span></code> contains all data for
an individual daemon.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">/var/lib/ceph/&lt;cluster-fsid&gt;/crash</span></code> contains crash reports for
the cluster.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">/var/lib/ceph/&lt;cluster-fsid&gt;/removed</span></code> contains old daemon
data directories for stateful daemons (e.g., monitor, prometheus)
that have been removed by cephadm.</p></li>
</ul>
<div class="section" id="disk-usage">
<h3>Disk usage<a class="headerlink" href="#disk-usage" title="Permalink to this headline">¶</a></h3>
<p>Because a few Ceph daemons (notably, the monitors and prometheus) store a
large amount of data in <code class="docutils literal notranslate"><span class="pre">/var/lib/ceph</span></code>, we recommend moving this
directory to its own disk, partition, or logical volume so that it does not
fill up the root file system.</p>
</div>
</div>
<div class="section" id="health-checks">
<h2>Health checks<a class="headerlink" href="#health-checks" title="Permalink to this headline">¶</a></h2>
<p>The cephadm module provides additional health checks to supplement the
default health checks provided by the Cluster. These additional health
checks fall into two categories:</p>
<ul class="simple">
<li><p><strong>cephadm operations</strong>: Health checks in this category are always
executed when the cephadm module is active.</p></li>
<li><p><strong>cluster configuration</strong>: These health checks are <em>optional</em>, and
focus on the configuration of the hosts in the cluster.</p></li>
</ul>
<div class="section" id="id1">
<h3>CEPHADM Operations<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3>
<div class="section" id="cephadm-paused">
<h4>CEPHADM_PAUSED<a class="headerlink" href="#cephadm-paused" title="Permalink to this headline">¶</a></h4>
<p>This indicates that cephadm background work has been paused with
<code class="docutils literal notranslate"><span class="pre">ceph</span> <span class="pre">orch</span> <span class="pre">pause</span></code>.  Cephadm continues to perform passive monitoring
activities (like checking host and daemon status), but it will not
make any changes (like deploying or removing daemons).</p>
<p>Resume cephadm work by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch resume</span>
</pre></div></div></div>
<div class="section" id="cephadm-stray-host">
<span id="id2"></span><h4>CEPHADM_STRAY_HOST<a class="headerlink" href="#cephadm-stray-host" title="Permalink to this headline">¶</a></h4>
<p>This indicates that one or more hosts have Ceph daemons that are
running, but are not registered as hosts managed by <em>cephadm</em>.  This
means that those services cannot currently be managed by cephadm
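(e.g., restarted, upgraded, included in <code class="docutils literal notranslate"><span class="pre">ceph</span> <span class="pre">orch</span> <span class="pre">ps</span></code>).</p>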
<ul>
<li><p>You can manage the host(s) by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch host add &lt;hostname&gt;</span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p>You might need to configure SSH access to the remote host
before this will work.</p>
</div>
</li>
<li><p>See <a class="reference internal" href="../host-management/#cephadm-fqdn"><span class="std std-ref">Fully qualified domain names vs bare host names</span></a> for more information about host names and
domain names.</p></li>
<li><p>Alternatively, you can manually connect to the host and ensure that
services on that host are removed or migrated to a host that is
managed by <em>cephadm</em>.</p></li>
<li><p>This warning can be disabled entirely by running the following
command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> mgr mgr/cephadm/warn_on_stray_hosts <span class="nb">false</span></span>
</pre></div></div></li>
</ul>
</div>
<div class="section" id="cephadm-stray-daemon">
<h4>CEPHADM_STRAY_DAEMON<a class="headerlink" href="#cephadm-stray-daemon" title="Permalink to this headline">¶</a></h4>
<p>One or more Ceph daemons are running but are not managed by
<em>cephadm</em>.  This may be because they were deployed using a different
tool, or because they were started manually.  Those
services cannot currently be managed by cephadm (e.g., restarted,
upgraded, or included in <code class="docutils literal notranslate"><span class="pre">ceph</span> <span class="pre">orch</span> <span class="pre">ps</span></code>).</p>
<ul>
<li><p>If the daemon is a stateful one (monitor or OSD), it should be adopted
by cephadm; see <a class="reference internal" href="../adoption/#cephadm-adoption"><span class="std std-ref">Converting an existing cluster to cephadm</span></a>.  For stateless daemons, it is
usually easiest to provision a new daemon with the <code class="docutils literal notranslate"><span class="pre">ceph</span> <span class="pre">orch</span> <span class="pre">apply</span></code>
command and then stop the unmanaged daemon.</p></li>
<li><p>If the stray daemon(s) are running on hosts not managed by cephadm, you can manage the host(s) by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch host add &lt;hostname&gt;</span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p>You might need to configure SSH access to the remote host
before this will work.</p>
</div>
</li>
<li><p>See <a class="reference internal" href="../host-management/#cephadm-fqdn"><span class="std std-ref">Fully qualified domain names vs bare host names</span></a> for more information about host names and
domain names.</p></li>
<li><p>This warning can be disabled entirely by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> mgr mgr/cephadm/warn_on_stray_daemons <span class="nb">false</span></span>
</pre></div></div></li>
</ul>
</div>
<div class="section" id="cephadm-host-check-failed">
<h4>CEPHADM_HOST_CHECK_FAILED<a class="headerlink" href="#cephadm-host-check-failed" title="Permalink to this headline">¶</a></h4>
<p>One or more hosts have failed the basic cephadm host check, which verifies
that (1) the host is reachable and cephadm can be executed there, and (2)
that the host satisfies basic prerequisites, like a working container
runtime (podman or docker) and working time synchronization.
If this test fails, cephadm will not be able to manage services on that host.</p>
<p>You can manually run this check by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph cephadm check-host &lt;hostname&gt;</span>
</pre></div></div><p>You can remove a broken host from management by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch host rm &lt;hostname&gt;</span>
</pre></div></div><p>You can disable this health warning by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> mgr mgr/cephadm/warn_on_failed_host_check <span class="nb">false</span></span>
</pre></div></div></div>
</div>
<div class="section" id="cluster-configuration-checks">
<h3>Cluster Configuration Checks<a class="headerlink" href="#cluster-configuration-checks" title="Permalink to this headline">¶</a></h3>
<p>Cephadm periodically scans each of the hosts in the cluster in order
to understand the state of the OS, disks, NICs etc. These facts can
then be analysed for consistency across the hosts in the cluster to
identify any configuration anomalies.</p>
<div class="section" id="enabling-cluster-configuration-checks">
<h4>Enabling Cluster Configuration Checks<a class="headerlink" href="#enabling-cluster-configuration-checks" title="Permalink to this headline">¶</a></h4>
<p>The configuration checks are an <strong>optional</strong> feature, and are enabled
by running the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> mgr mgr/cephadm/config_checks_enabled <span class="nb">true</span></span>
</pre></div></div></div>
<div class="section" id="states-returned-by-cluster-configuration-checks">
<h4>States Returned by Cluster Configuration Checks<a class="headerlink" href="#states-returned-by-cluster-configuration-checks" title="Permalink to this headline">¶</a></h4>
<p>The configuration checks are triggered after each host scan (1m). The
cephadm log entries will show the current state and outcome of the
configuration checks as follows:</p>
<p>Disabled state (config_checks_enabled false):</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>ALL cephadm checks are disabled, use <span class="s1">&#39;ceph config set mgr mgr/cephadm/config_checks_enabled true&#39;</span> to <span class="nb">enable</span>
</pre></div>
</div>
<p>Enabled state (config_checks_enabled true):</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>CEPHADM <span class="m">8</span>/8 checks enabled and executed <span class="o">(</span><span class="m">0</span> bypassed, <span class="m">0</span> disabled<span class="o">)</span>. No issues detected
</pre></div>
</div>
</div>
<div class="section" id="managing-configuration-checks-subcommands">
<h4>Managing Configuration Checks (subcommands)<a class="headerlink" href="#managing-configuration-checks-subcommands" title="Permalink to this headline">¶</a></h4>
<p>The configuration checks themselves are managed through several cephadm subcommands.</p>
<p>To determine whether the configuration checks are enabled, run the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph cephadm config-check status</span>
</pre></div></div><p>This command returns the status of the configuration checker as either “Enabled” or “Disabled”.</p>
<p>To list all the configuration checks and their current states, run the following command:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="gp"># </span>ceph cephadm config-check ls

<span class="go">  NAME             HEALTHCHECK                      STATUS   DESCRIPTION</span>
<span class="go">kernel_security  CEPHADM_CHECK_KERNEL_LSM         enabled  checks SELINUX/Apparmor profiles are consistent across cluster hosts</span>
<span class="go">os_subscription  CEPHADM_CHECK_SUBSCRIPTION       enabled  checks subscription states are consistent for all cluster hosts</span>
<span class="go">public_network   CEPHADM_CHECK_PUBLIC_MEMBERSHIP  enabled  check that all hosts have a NIC on the Ceph public_netork</span>
<span class="go">osd_mtu_size     CEPHADM_CHECK_MTU                enabled  check that OSD hosts share a common MTU setting</span>
<span class="go">osd_linkspeed    CEPHADM_CHECK_LINKSPEED          enabled  check that OSD hosts share a common linkspeed</span>
<span class="go">network_missing  CEPHADM_CHECK_NETWORK_MISSING    enabled  checks that the cluster/public networks defined exist on the Ceph hosts</span>
<span class="go">ceph_release     CEPHADM_CHECK_CEPH_RELEASE       enabled  check for Ceph version consistency - ceph daemons should be on the same release (unless upgrade is active)</span>
<span class="go">kernel_version   CEPHADM_CHECK_KERNEL_VERSION     enabled  checks that the MAJ.MIN of the kernel on Ceph hosts is consistent</span>
</pre></div>
</div>
<p>The name of each configuration check can be used to enable or disable a specific check by running a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph cephadm config-check disable &lt;name&gt;</span>
</pre></div></div><p>For example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph cephadm config-check disable kernel_security</span>
</pre></div></div></div>
<div class="section" id="cephadm-check-kernel-lsm">
<h4>CEPHADM_CHECK_KERNEL_LSM<a class="headerlink" href="#cephadm-check-kernel-lsm" title="Permalink to this headline">¶</a></h4>
<p>Each host within the cluster is expected to operate within the same Linux
Security Module (LSM) state. For example, if the majority of the hosts are
running with SELINUX in enforcing mode, any host not running in this mode is
flagged as an anomaly and a healthcheck (WARNING) state is raised.</p>
</div>
<div class="section" id="cephadm-check-subscription">
<h4>CEPHADM_CHECK_SUBSCRIPTION<a class="headerlink" href="#cephadm-check-subscription" title="Permalink to this headline">¶</a></h4>
<p>This check relates to the status of vendor subscription. This check is
performed only for hosts using RHEL, and helps to confirm that all hosts are
covered by an active subscription, which ensures that patches and updates are
available.</p>
</div>
<div class="section" id="cephadm-check-public-membership">
<h4>CEPHADM_CHECK_PUBLIC_MEMBERSHIP<a class="headerlink" href="#cephadm-check-public-membership" title="Permalink to this headline">¶</a></h4>
<p>All members of the cluster should have NICs configured on at least one of the
public network subnets. Hosts that are not on the public network will rely on
routing, which may affect performance.</p>
</div>
<div class="section" id="cephadm-check-mtu">
<h4>CEPHADM_CHECK_MTU<a class="headerlink" href="#cephadm-check-mtu" title="Permalink to this headline">¶</a></h4>
<p>The MTU of the NICs on OSDs can be a key factor in consistent performance. This
check examines hosts that are running OSD services to ensure that the MTU is
configured consistently within the cluster. This is determined by establishing
the MTU setting that the majority of hosts is using. Any anomalies result in a
Ceph health check.</p>
</div>
<div class="section" id="cephadm-check-linkspeed">
<h4>CEPHADM_CHECK_LINKSPEED<a class="headerlink" href="#cephadm-check-linkspeed" title="Permalink to this headline">¶</a></h4>
<p>This check is similar to the MTU check. Linkspeed consistency is a factor in
consistent cluster performance, just as the MTU of the NICs on the OSDs is.
This check determines the linkspeed shared by the majority of OSD hosts, and a
health check is run for any hosts that are set at a lower linkspeed rate.</p>
</div>
<div class="section" id="cephadm-check-network-missing">
<h4>CEPHADM_CHECK_NETWORK_MISSING<a class="headerlink" href="#cephadm-check-network-missing" title="Permalink to this headline">¶</a></h4>
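<p>The <code class="docutils literal notranslate"><span class="pre">public_network</span></code> and <code class="docutils literal notranslate"><span class="pre">cluster_network</span></code> settings support subnet definitions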
for IPv4 and IPv6. If these settings are not found on any host in the cluster,
a health check is raised.</p>
</div>
<div class="section" id="cephadm-check-ceph-release">
<h4>CEPHADM_CHECK_CEPH_RELEASE<a class="headerlink" href="#cephadm-check-ceph-release" title="Permalink to this headline">¶</a></h4>
<p>Under normal operations, all daemons in the Ceph cluster run the same Ceph
release (for example, Octopus).
This check determines the active release for each daemon, and
reports any anomalies as a healthcheck. <em>This check is bypassed if an upgrade
process is active within the cluster.</em></p>
</div>
<div class="section" id="cephadm-check-kernel-version">
<h4>CEPHADM_CHECK_KERNEL_VERSION<a class="headerlink" href="#cephadm-check-kernel-version" title="Permalink to this headline">¶</a></h4>
<p>The OS kernel version (maj.min) is checked for consistency across the hosts.
The kernel version of the majority of the hosts is used as the basis for
identifying anomalies.</p>
</div>
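<p>The majority rule behind the MTU, linkspeed and kernel version checks above, as an added example in Python (not cephadm's own code). The host names and facts are constructed, and treating a tied top count as "no baseline" is an assumption of this example.</p>

```python
import operator
from collections import Counter

# Constructed per-host facts for OSD hosts (not real cluster output).
HOSTS = {
    "osd-a": {"mtu": 9000, "speed": 25000, "kernel": "5.14.0-362.el9"},
    "osd-b": {"mtu": 9000, "speed": 25000, "kernel": "5.14.0-284.el9"},
    "osd-c": {"mtu": 1500, "speed": 10000, "kernel": "4.18.0-513.el8"},
    "osd-d": {"mtu": 9000, "speed": 40000, "kernel": "5.14.0-362.el9"},
}


def majority(values):
    """Return the most common value, or None when the top count is tied."""
    ranked = Counter(values).most_common(2)
    if not ranked or (len(ranked) == 2 and ranked[0][1] == ranked[1][1]):
        return None
    return ranked[0][0]


def maj_min(release):
    """Reduce a kernel release string to its maj.min prefix."""
    return ".".join(release.split(".")[:2])


def check(hosts, extract, is_anomaly):
    """Return (baseline, flagged hosts); without a baseline nothing is flagged."""
    values = {name: extract(facts) for name, facts in hosts.items()}
    base = majority(values.values())
    if base is None:
        return None, []
    return base, sorted(n for n, v in values.items() if is_anomaly(v, base))


def run_checks(hosts):
    return {
        # MTU: any value that differs from the majority is an anomaly.
        "CEPHADM_CHECK_MTU": check(hosts, lambda f: f["mtu"], operator.ne),
        # Linkspeed: only hosts slower than the majority are flagged.
        "CEPHADM_CHECK_LINKSPEED": check(hosts, lambda f: f["speed"], operator.lt),
        # Kernel: only maj.min is compared, so patch-level drift is ignored.
        "CEPHADM_CHECK_KERNEL_VERSION": check(
            hosts, lambda f: maj_min(f["kernel"]), operator.ne),
    }


if __name__ == "__main__":
    for name, (base, flagged) in run_checks(HOSTS).items():
        print(f"{name}: baseline={base} anomalies={flagged}")
```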
</div>
</div>
<div class="section" id="client-keyrings-and-configs">
<span id="id3"></span><h2>Client keyrings and configs<a class="headerlink" href="#client-keyrings-and-configs" title="Permalink to this headline">¶</a></h2>
<p>Cephadm can distribute copies of the <code class="docutils literal notranslate"><span class="pre">ceph.conf</span></code> file and client keyring
files to hosts. It is usually a good idea to store a copy of the config and
<code class="docutils literal notranslate"><span class="pre">client.admin</span></code> keyring on any host used to administer the cluster via the
CLI.  By default, cephadm does this for any nodes that have the <code class="docutils literal notranslate"><span class="pre">_admin</span></code>
label (which normally includes the bootstrap host).</p>
<p>When a client keyring is placed under management, cephadm will:</p>
<blockquote>
<div><ul class="simple">
<li><p>build a list of target hosts based on the specified placement spec (see
<a class="reference internal" href="../services/#orchestrator-cli-placement-spec"><span class="std std-ref">Daemon Placement</span></a>)</p></li>
<li><p>store a copy of the <code class="docutils literal notranslate"><span class="pre">/etc/ceph/ceph.conf</span></code> file on the specified host(s)</p></li>
<li><p>store a copy of the keyring file on the specified host(s)</p></li>
<li><p>update the <code class="docutils literal notranslate"><span class="pre">ceph.conf</span></code> file as needed (e.g., due to a change in the cluster monitors)</p></li>
<li><p>update the keyring file if the entity’s key is changed (e.g., via <code class="docutils literal notranslate"><span class="pre">ceph</span>
<span class="pre">auth</span> <span class="pre">...</span></code> commands)</p></li>
<li><p>ensure that the keyring file has the specified ownership and specified mode</p></li>
<li><p>remove the keyring file when client keyring management is disabled</p></li>
<li><p>remove the keyring file from old hosts if the keyring placement spec is
updated (as needed)</p></li>
</ul>
</div></blockquote>
<div class="section" id="listing-client-keyrings">
<h3>Listing Client Keyrings<a class="headerlink" href="#listing-client-keyrings" title="Permalink to this headline">¶</a></h3>
<p>To see the list of client keyrings that are currently under management, run the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch client-keyring ls</span>
</pre></div></div></div>
<div class="section" id="putting-a-keyring-under-management">
<h3>Putting a Keyring Under Management<a class="headerlink" href="#putting-a-keyring-under-management" title="Permalink to this headline">¶</a></h3>
<p>To put a keyring under management, run a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch client-keyring <span class="nb">set</span> &lt;entity&gt; &lt;placement&gt; <span class="o">[</span>--mode<span class="o">=</span>&lt;mode&gt;<span class="o">]</span> <span class="o">[</span>--owner<span class="o">=</span>&lt;uid&gt;.&lt;gid&gt;<span class="o">]</span> <span class="o">[</span>--path<span class="o">=</span>&lt;path&gt;<span class="o">]</span></span>
</pre></div></div><ul class="simple">
<li><p>By default, the <em>path</em> is <code class="docutils literal notranslate"><span class="pre">/etc/ceph/client.{entity}.keyring</span></code>, which is
where Ceph looks by default.  Be careful when specifying alternate locations,
as existing files may be overwritten.</p></li>
<li><p>A placement of <code class="docutils literal notranslate"><span class="pre">*</span></code> (all hosts) is common.</p></li>
<li><p>The mode defaults to <code class="docutils literal notranslate"><span class="pre">0600</span></code> and ownership to <code class="docutils literal notranslate"><span class="pre">0:0</span></code> (user root, group root).</p></li>
</ul>
<p>For example, to create a <code class="docutils literal notranslate"><span class="pre">client.rbd</span></code> key and deploy it to hosts with the
<code class="docutils literal notranslate"><span class="pre">rbd-client</span></code> label and make it group readable by uid/gid 107 (qemu), run the
following commands:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph auth get-or-create-key client.rbd mon <span class="s1">&#39;profile rbd&#39;</span> mgr <span class="s1">&#39;profile rbd&#39;</span> osd <span class="s1">&#39;profile rbd pool=my_rbd_pool&#39;</span></span>
<span class="prompt1">ceph orch client-keyring <span class="nb">set</span> client.rbd label:rbd-client --owner <span class="m">107</span>:107 --mode <span class="m">640</span></span>
</pre></div></div><p>The resulting keyring file is:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">-rw-r-----. 1 qemu qemu 156 Apr 21 08:47 /etc/ceph/client.client.rbd.keyring</span>
</pre></div>
</div>
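<p>One way to verify on a client host that managed keyrings still carry the mode and ownership they were set with, as an added example (not part of cephadm). It assumes the defaults stated above (<code class="docutils literal notranslate"><span class="pre">0600</span></code>, <code class="docutils literal notranslate"><span class="pre">0:0</span></code>); the function names and the <code class="docutils literal notranslate"><span class="pre">expected</span></code> mapping are hypothetical.</p>

```python
import os
import stat


def audit_keyring(path, mode=0o600, uid=0, gid=0):
    """Check one keyring against its managed mode and owner (page defaults)."""
    try:
        st = os.lstat(path)  # lstat: a symlink at the path is itself a finding
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    actual = stat.S_IMODE(st.st_mode)
    if actual != mode:
        findings.append(f"mode {actual:04o}, expected {mode:04o}")
    if actual & 0o007:
        findings.append("accessible to other users")
    if (st.st_uid, st.st_gid) != (uid, gid):
        findings.append(f"owner {st.st_uid}:{st.st_gid}, expected {uid}:{gid}")
    return findings


def audit_dir(directory, expected=None):
    """Audit every *.keyring file in a directory; return {name: findings}.

    expected maps file name -> (mode, uid, gid) for keyrings set with
    --mode/--owner; every other keyring is held to 0600 and 0:0.
    """
    if not os.path.isdir(directory):
        return {}
    report = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(".keyring"):
            mode, uid, gid = (expected or {}).get(name, (0o600, 0, 0))
            findings = audit_keyring(os.path.join(directory, name), mode, uid, gid)
            if findings:
                report[name] = findings
    return report


if __name__ == "__main__":
    # The client.rbd example above: --owner 107:107 --mode 640.
    wanted = {"client.client.rbd.keyring": (0o640, 107, 107)}
    for name, findings in audit_dir("/etc/ceph", wanted).items():
        print(f"{name}: {'; '.join(findings)}")
```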
</div>
<div class="section" id="disabling-management-of-a-keyring-file">
<h3>Disabling Management of a Keyring File<a class="headerlink" href="#disabling-management-of-a-keyring-file" title="Permalink to this headline">¶</a></h3>
<p>To disable management of a keyring file, run a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch client-keyring rm &lt;entity&gt;</span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p>This deletes any keyring files for this entity that were previously written
to cluster nodes.</p>
</div>
</div>
</div>
<div class="section" id="etc-ceph-ceph-conf">
<span id="etc-ceph-conf-distribution"></span><h2>/etc/ceph/ceph.conf<a class="headerlink" href="#etc-ceph-ceph-conf" title="Permalink to this headline">¶</a></h2>
<div class="section" id="distributing-ceph-conf-to-hosts-that-have-no-keyrings">
<h3>Distributing ceph.conf to hosts that have no keyrings<a class="headerlink" href="#distributing-ceph-conf-to-hosts-that-have-no-keyrings" title="Permalink to this headline">¶</a></h3>
<p>It might be useful to distribute <code class="docutils literal notranslate"><span class="pre">ceph.conf</span></code> files to hosts without an
associated client keyring file.  By default, cephadm deploys a
<code class="docutils literal notranslate"><span class="pre">ceph.conf</span></code> file only to hosts where a client keyring is also distributed (see
above).  To write config files to hosts without client keyrings, run the
following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> mgr mgr/cephadm/manage_etc_ceph_ceph_conf <span class="nb">true</span></span>
</pre></div></div></div>
<div class="section" id="using-placement-specs-to-specify-which-hosts-get-keyrings">
<h3>Using Placement Specs to specify which hosts get keyrings<a class="headerlink" href="#using-placement-specs-to-specify-which-hosts-get-keyrings" title="Permalink to this headline">¶</a></h3>
<p>By default, the configs are written to all hosts (i.e., those listed by <code class="docutils literal notranslate"><span class="pre">ceph</span>
<span class="pre">orch</span> <span class="pre">host</span> <span class="pre">ls</span></code>).  To specify which hosts get a <code class="docutils literal notranslate"><span class="pre">ceph.conf</span></code>, run a command of
the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> mgr mgr/cephadm/manage_etc_ceph_ceph_conf_hosts &lt;placement spec&gt;</span>
</pre></div></div>
</div>
<div class="section" id="distributing-ceph-conf-to-hosts-tagged-with-bare-config">
<h3>Distributing ceph.conf to hosts tagged with bare_config<a class="headerlink" href="#distributing-ceph-conf-to-hosts-tagged-with-bare-config" title="Permalink to this headline">¶</a></h3>
<p>For example, to distribute configs to hosts with the <code class="docutils literal notranslate"><span class="pre">bare_config</span></code> label, run the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph config <span class="nb">set</span> mgr mgr/cephadm/manage_etc_ceph_ceph_conf_hosts label:bare_config</span>
</pre></div></div><p>(See <a class="reference internal" href="../services/#orchestrator-cli-placement-spec"><span class="std std-ref">Daemon Placement</span></a> for more information about placement specs.)</p>
</div>
</div>
<div class="section" id="purging-a-cluster">
<h2>Purging a cluster<a class="headerlink" href="#purging-a-cluster" title="Permalink to this headline">¶</a></h2>
<div class="admonition danger">
<p class="admonition-title">Danger</p>
<p>THIS OPERATION WILL DESTROY ALL DATA STORED IN THIS CLUSTER</p>
</div>
<p>To destroy a cluster and delete all data stored in it, first pause
cephadm so that no new daemons are deployed:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph orch pause</span>
</pre></div></div><p>Then verify the FSID of the cluster:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">ceph fsid</span>
</pre></div></div><p>Purge the Ceph daemons from all hosts in the cluster:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1"><span class="c1"># For each host:</span></span>
<span class="prompt1">cephadm rm-cluster --force --zap-osds --fsid &lt;fsid&gt;</span>
</pre></div></div></div>
</div>



           </div>
           
          </div>
          <footer>

  <hr/>

  <div role="contentinfo">
    <p>
        &#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).

    </p>
  </div> 

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>